I created a hosted button using a business account and integrated that code with my php application.
I use 'Website Payments Standard' and generated the 'Buy Now Button' using the tool provided in 'Merchant Services' page.
I am using http://sandbox.paypal.com/ to test this.
Configurations in Merchant Profile:
Instant Payment Notification (IPN) is
'Enabled' and 'Notification URL'
given.
Auto Return is On.
Return URL specified (the same given above in notification URL)
Payment Data Transfer is On
Website Payment is Off
PayPal Account Optional: is Off
While creating the button also in the third option I gave the same notify_url.
Transaction happens successfully and gets redirected to my notify_url.
The issue is, $_POST from paypal response in my notified page is empty.
I printed the $_POST in the first line of my notifier page itself. Do I need to add any other configuration? Am I making any mistake?
The data is going to the IPN url. Log the $_POST data to a file from the script at the IPN URL and see what you are getting. I think if you turn off the IPN, you may then get the data on the notify_url (been a while though, not 100% sure on that part).
the notify url is just for receiving the data from paypal about the transaction, it's not a webpage that you can display, because it doesn't happen inside the normal page flow, paypal simple opens a curl command (or similar) to your server and dumps all the data over $_POST
the return url is only used when the user clicks to return to your website.
so don't use the return url for recording the status of the payment, or sending emails, it'll fail badly, always use the notify url for doing that, the return url is just to show the user something pretty after he's paid, or not pretty if it failed
Related
I just set up an ARB page for my sandbox authorize.net account and I am fairly certain the transaction is going through, as my error_log has nothing in it, but I wanted to view the dummy info that I sent to make sure it's actually logging this transaction somehow if that is even possible. I'm just using the sample data from that test subscription page and sending it out. Am I able to view that my authorize.net sandbox account received this data anywhere?
I have tried this in both live/test modes and subscriptions remain at 0 for both modes.
If I cannot test it this way, how can I get the page that's sending the request to report back to me that the request/response was successful?
Thanks
you have to login in authorize.net merchant account and then set a silent post url there and when ever a transaction will be done then it will return response in json format and you need to capture that event in your silent post url script and that response need to store in a table field and later on you can check about it.
for further assistance you can check following url.
http://www.johnconde.net/blog/tutorial-integrate-the-authorize-net-arb-api-with-php/
I am currently using the following library:
https://github.com/paypal/adaptiveaccounts-sdk-php/tree/master/samples/IPN
And Paypal IPN seems to be working fine... I can successfully checkout and all of the POST data from Paypal is logged to my server, only problem is - How do I check against it when the user is back on the site?
I currently have the return URL set to the same as the IPN url (look in github for code) and after I get all of the valid data, the user gets returned to the IPN page and it says invalid.
Not quite sure, any thoughts?
IPN should NOT be used as the return URL.
Return URL brings the buyer back to your site. The page at the return URL should display either a generic thank you page, or a page indicating the status of the buyer's order. Which one of the above to choose, depends on the PayPal product you select, your integration and your purchasing flow.
The script URL of the IPN listener is used to automate your order handling process. The IPN listener gets the IPN messages, processes your order in your own defined way.
IPN listener should post back very specific data to PayPal IPN endpoint with HTTP Status 200. If it also outputs a page, it makes things too complicated. You would need to differentiate between a buyer visit and a PayPal IPN message, and need to do corresponding display or IPN verification. To make things simple, separating the two things into two pages / scripts would be better and more logical.
I think this is the reason why your buyer gets "invalid": your IPN listener gets the request data when a buyer returns to your listener, and uses the data to verify IPN with PayPal. PayPal returns "invalid" as the data are not from valid IPN messages and thus cannot be verified.
Not a Php dev and haven't looked, but if you really want to use the same URL (I wouldn't - they serve different purposes), then the difference would be the (http) request method:
GET for a redirect and
POST for IPN
That would be one way you'd determine what kind of Request that url is getting and handle as you deem fit.
I've a problem with Paypal IPN. The callback works very well.
I've a site and anyone can signup for free in my site. Later, the user can upgrade the account and here intervenes paypal.
How can I be sure that the user (A) paid to the transaction_id (0123) ?
Ex.
User (A) -> Click to button (item_number = (0009)) -> redirect to paypal page;
User (?) paid -> Paypal IPN sended and server received data -> [Which user has paid?]
!! This, without the user return to the site !!
Thank You
I'm sorry #Vincenzo Raco, but that is bad advice.
PDT and IPN are essentially the same exact thing except that PDT sends data to your return URL and IPN sends it to a silent listener.
There is no guarantee that users will make it back to your return URL, even if you have Auto Return enabled, so it's never a good idea to handle post-payment processing tasks on the return URL. If your IPN is getting hacked that means you have a problem with your configuration.
All IPN's are verified with PayPal's servers, and if you're using API calls, hosted buttons, encrypted buttons, etc. people can't see the original code, copy it, and make adjustments to pricing, which would be the only potential "hack" that anybody could do. Just make sure not to use basic, standard HTML buttons and that potential problem goes away.
IPN is definitely what you want to use to handle your post-payment processing. You can save your user record or whatever data you're working with in your database prior to sending the user over to PayPal. You can include the record ID of your database in the PayPal payment request (I typically use the invoice parameter for this) and then that will be returned in IPN so that you can pull that data back out of your database or add new related accordingly.
I have an option on my phpBB forum to add a Paypal Buy Now button to enable users to sell and purchase items. I would like to have the ability to automatically close a topic once a user makes a purchase through paypal to avoid multiple users from purchasing the same item.
Is it possible to get the user's session data from paypal once they make a transaction? Then incorperate session data into a variable like:
$paypal = (isset($_POST['purchased'])) ? true : false;
Not sure if I need to download the Paypal SDK for this or not.
Any suggestions would be great, thanks.
Is it possible to get the user's session data from paypal once they
make a transaction?
You really want to trust the user's session data? I am sure you can read the session data, you don't want to do that, would be trivial task to alter it. Even if you can you really shouldn't read the session data for another website.
Not sure if I need to download the Paypal SDK for this or not.
This would be the correct way to do it.
When I last used it, Paypal Standard allowed you to specify a return URL (where to send the user) for failures and for successes. Dynamically generate some secret hashes to facilitate when the user is finally redirected.
Or you can use IPN.
Don't rely on the return URL. Buyers can (and will) close their browser / tab after completing a payment.
Instead, use PayPal Instant Payment Notifications to receive a server-to-server notification from PayPal which you can subsequently verify and use to update your database with the appropriate flag for a phpBB closed thread.
IPN works as follows:
You create the PayPal and incude a "notify_url". The value for this parameter will be the full URL to a script on your server, called the 'IPN script' or 'IPN handler'.
You can specify an IPN handler as follows for Website Payments Standard
<input type="hidden" name="notify_url" value="http://blah.com/ipn.php
For Express Checkout or Website Payments Pro, simply include the following in your SetExpressCheckout/DoExpressCheckoutPayment or DoDirectPayment API call respectively.
NOTIFYURL=http://blah.com/ipn.php
A buyer completes a transaction via PayPal
Once the buyer completes the transaction, he/she may close the browser, or return to your website
Once the transaction is accepted and processed by PayPal, PayPal will send out a notification to http://blah.com/ipn.php
You need to take all POST data that was sent to this script, and POST it back to https://www.paypal.com/cgi-bin/webscr?cmd=_notify-validate
If the data you send back matches the data PayPal sent you, a 'VERIFIED' response is returned.
If the response is VERIFIED, it's at this point that you would look up the matching transaction/buyer on your end, and update the phpBB thread status appropriately.
Some sample code and documentation for PayPal IPN is available at https://www.paypal.com/ipn/
In addition, some tips on making a secure IPN script are available at https://www.x.com/developers/community/blogs/ppmtsrobertg/securing-your-instant-payment-notification-ipn-script
Note: If you want to include any custom data along with the transaction which you can read out later, use 'custom'.
<input type="hidden" name="custom" value="xxxxx">
This will also be returned in the IPN POST data sent from PayPal.
I am using sandbox mode.
I click buy item on my shop, and after i pay with sanndbox account it takes me to "Thank you for your payment - Paypal" but doesn't redirect back to my site! I already have IPN setup!
I dont understand, do I need to contact paypal first ? or is there some section on paypal where you can enter your shopping site URL to get it authorized ?
IPN sends the notification to your server behind the scenes, whether the end user is redirected or not.
PDT, is a different (though somewhat similar) technology offered by PayPal, which sends the data when it redirects. Are you sure you are not receiving IPN notifications?
good comparison of the various methods here: https://www.x.com/message/108223#108223
when using IPN, the transaction information will be posted to your ipn handler url directly from paypal in the background. the ipn url can be specified with the "notify_url" parameter or in your profile.
the customer will be redirected back to your site. the target url can be set in your profile or specified in the transaction using the "return" parameter.